A Primer on Digital Certificates

Digital Certificates – also known as SSL Certificates – are increasingly becoming ‘de rigueur’ for all manners of websites, especially business websites where financial transactions transpire. Essentially, a ‘Digital Cert’ is an ID document or ‘signature’ that is attached to electronic messages and/or files to provide enhanced security. This signature contains information about the certificate holder, the domain it was issued to, the root of the country where it was issued, a serial number and expiration date as well as a copy of the holder’s ‘public key'(part of its encryption system).
Digital certificates have a couple of functions. They contain information about you (the certified party), confirming your credentials and providing assurance that you are who you claim to be on the Internet. Digital certificates also confirm the credentials of websites you visit, helping to eliminate macro viruses from being introduced to your documents, computer and network.
Digital certificates are issued by Certification Authorities or CA’s – trustworthy, third-party vendors who guarantee the identity of a certified individual by conducting an in-depth ID check. Certification Authorities have arrangements with financial institutions (usually credit card companies) whereby they receive financial and personal information to confirm a holder’s identity.
Digital Certificates work by using SSL or Secure Socket Layer technology. SSL is a protocol that was developed for sending private documents over the Internet. It uses a cryptographic system of public and private keys to transmit data securely between a server (i.e. the website you are visiting) and a client (the browser you are using to navigate the Internet). You know if a webpage is secure when the URL starts with “HTTPS//” rather than “HTTP//”. In the bottom right corner of an HTTPS// page is a padlock icon which you can click on to view the details of that site’s digital certificate.
So … who needs to use a digital certificate? The short answer: all websites that collect or handle any manner of confidential or identity-related information, including: passwords, usernames, email addresses, financial or personal information, business records and sensitive documents of any kind. If you process financial transactions, a digital certificate is absolutely necessary. And if privacy is a consideration whatsoever, a digital certificate is a good idea because it gives your website credibility and provides reassurance to your website’s constituency.
You have a couple options when it comes time to implement a digital certificate for your website. The simplest option is to purchase your digital certificate from a reputable online vendor; there are many to choose from but a few of the best known include Verisign, Thawte and Geotrust. They come in different levels of encryption (126 bit, 256 bit) and range from $150 to $1500 Canadian per year depending on the company and level of security you choose. The basic certificate at Geotrust can be provisioned in around 10 minutes while others take from two to several days for the full verification process . Alternatively, you can also create your own digital certificate, but it’s a technically complicated process and lacks the credibility provided by recognized vendors.
For More Information:
http://www.webopedia.com/…2005/ssl.asp
‘SSL: Your Key to E-commerce Security’ – a short, informative article on digital certificates for e-commerce websites